CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30440 – WordPress Themify Event Post plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30440
28 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Event Post allows Stored XSS.This issue affects Themify Event Post: from n/a through 1.2.7. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Themify Themify Event Post permite XSS almacenado. Este problema afecta a Themify Event Post: desde n/a hasta 1.2.7. The Themify Event Post plugin for WordPress is vulnerable to S... • https://patchstack.com/database/vulnerability/themify-event-post/wordpress-themify-event-post-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24872 – WordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24872
05 Feb 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Themify Themify Builder. Este problema afecta a Themify Builder: desde n/a hasta 7.0.5. The Themify Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.0.5. This is due to missing or incorrect nonce validation on the cache_menu() function. • https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51693 – WordPress Themify Icons Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51693
27 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS.This issue affects Themify Icons: from n/a through 2.0.1. La vulnerabilidad de neutralización incorrecta de la entrada durante de generación de páginas web ('cross-site Scripting') en Themify Icons permite XSS almacenado. Este problema afecta a Themify Icons: desde n/a hasta 2.0.1. The Themify Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plu... • https://patchstack.com/database/vulnerability/themify-icons/wordpress-themify-icons-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46145 – WordPress Themify Ultra theme <= 7.3.5 - Authenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-46145
17 Oct 2023 — Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5. La vulnerabilidad de gestión de privilegios incorrecta en Themify Themify Ultra permite la escalada de privilegios. Este problema afecta a Themify Ultra: desde n/a hasta 7.3.5. The themify-ultra theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.5. This makes it possible for low-level attackers with subscri... • https://patchstack.com/database/vulnerability/themify-ultra/wordpress-themify-ultra-theme-7-3-3-authenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46146 – WordPress Themify Ultra theme <= 7.3.5 - Multiple Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-46146
17 Oct 2023 — Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. Vulnerabilidad de autorización faltante en Themify Themify Ultra. Este problema afecta a Themify Ultra: desde n/a hasta 7.3.5. The Themify Ultra theme for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 7.3.5. This makes it possible for authenticated attackers, with subscriber-level acce... • https://patchstack.com/database/vulnerability/themify-ultra/wordpress-themify-ultra-theme-7-3-3-multiple-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46147 – WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-46147
17 Oct 2023 — Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. Vulnerabilidad de deserialización de datos no confiables en Themify Themify Ultra. Este problema afecta a Themify Ultra: desde n/a hasta 7.3.5. The themify-ultra theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.3.5 via deserialization of untrusted input. This makes it possible for authenticated attackers with subscriber access and... • https://patchstack.com/database/vulnerability/themify-ultra/wordpress-themify-ultra-theme-7-3-3-authenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46148 – WordPress Themify Ultra theme <= 7.3.5 - Authenticated Arbitrary Settings Change vulnerability
https://notcve.org/view.php?id=CVE-2023-46148
17 Oct 2023 — Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. Vulnerabilidad de autorización faltante en Themify Themify Ultra. Este problema afecta a Themify Ultra: desde n/a hasta 7.3.5. The themify-ultra theme for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on an unknown function in all versions up to, and including, 7.3.5. This makes it possible for authenticated attackers with sub... • https://patchstack.com/database/vulnerability/themify-ultra/wordpress-themify-ultra-theme-7-3-3-authenticated-arbitrary-settings-change-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46149 – WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-46149
17 Oct 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Themify Themify Ultra. Este problema afecta a Themify Ultra: desde n/a hasta 7.3.5. The themify-ultra theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in during a file upload in all versions up to, and including, 7.3.5. This makes it possible f... • https://patchstack.com/database/vulnerability/themify-ultra/wordpress-themify-ultra-theme-7-3-3-authenticated-unrestricted-zip-extraction-lead-to-rce-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2654 – Conditional Menus < 1.2.1 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-2654
24 May 2023 — The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin The Conditional Menus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_page' and 'num_of_pages ' parameters in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti... • https://wpscan.com/vulnerability/506ecee9-8e42-46de-9c5c-fc252ab2646e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32970 – WordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-32970
18 Apr 2023 — Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions. The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Auth.... • https://patchstack.com/database/vulnerability/themify-portfolio-post/wordpress-themify-portfolio-post-plugin-1-2-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •